0

I have a Spring Rest webservice which I call from my website (html pages), So anyone can retrieve the webservice URL from source code of a html pages.

Both webservice and website are deployed in the same server (id address: X.Y.Z.T)

My object is to prevent other people to call the rest service without passing by my site

Is there any way to restrict access to the webservice so that it can by called only by the id address X.Y.Z.T (where the website is deployed)?

Or another way?

Thanks for your help!

keylesson.com
  • 11
  • 3
  • Your website may be deployed on your server, but if a user visits your site, the pages and the Ajax requests run on the users PC. If you want to restrict access, use user based authentication. – dunni Apr 28 '16 at 13:08
  • Possible duplicate of [REST - How to restrict access for not authorized client software](http://stackoverflow.com/questions/14058603/rest-how-to-restrict-access-for-not-authorized-client-software) – andrucz Apr 28 '16 at 13:11
  • Take a look at http://programmers.stackexchange.com/questions/219028/how-to-safeguard-a-rest-api-for-only-trusted-mobile-applications – andrucz Apr 28 '16 at 13:11

1 Answers1

0

You can use something like CORS in the browser.

https://en.wikipedia.org/wiki/Cross-origin_resource_sharing

But people with crawlers and such (outside the browser) can still grab your site. You can't stop this, even if you add some kind of authentication. People always able to write automatisation for the login and then crawl your site for example.

Lakatos Gyula
  • 3,949
  • 7
  • 35
  • 56